From d06a4a5c6d0c80a0fc4ec952ff03913536a43375 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Norman=20J=C3=A4ckel?= Date: Tue, 19 Feb 2019 20:24:48 +0100 Subject: [PATCH 1/2] Added new permission to see the history. --- CHANGELOG.rst | 2 +- openslides/core/access_permissions.py | 8 +------- .../core/migrations/0017_auto_20190219_2015.py | 18 ++++++++++++++++++ openslides/core/models.py | 1 + openslides/core/views.py | 4 +++- openslides/users/signals.py | 2 ++ 6 files changed, 26 insertions(+), 9 deletions(-) create mode 100644 openslides/core/migrations/0017_auto_20190219_2015.py diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 38a1f64a9..290bcf48c 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -21,7 +21,7 @@ Core: - Add a change-id system to get only new elements [#3938]. - Switch from Yarn back to npm [#3964]. - Added password reset link (password reset via email) [#3914, #4199]. - - Added global history mode [#3977, #4141]. + - Added global history mode [#3977, #4141, #4369, #4373]. - Projector refactoring [4119, #4130]. - Fixed logo configuration if logo file is deleted [#4374]. diff --git a/openslides/core/access_permissions.py b/openslides/core/access_permissions.py index 9627f29bb..feebc360e 100644 --- a/openslides/core/access_permissions.py +++ b/openslides/core/access_permissions.py @@ -1,5 +1,4 @@ from ..utils.access_permissions import BaseAccessPermissions -from ..utils.auth import GROUP_ADMIN_PK, async_in_some_groups class ProjectorAccessPermissions(BaseAccessPermissions): @@ -52,9 +51,4 @@ class HistoryAccessPermissions(BaseAccessPermissions): Access permissions container for the Histroy. """ - async def async_check_permissions(self, user_id: int) -> bool: - """ - Returns True if the user is in admin group and has read access to - model instances. - """ - return await async_in_some_groups(user_id, [GROUP_ADMIN_PK]) + base_permission = "core.can_see_history" diff --git a/openslides/core/migrations/0017_auto_20190219_2015.py b/openslides/core/migrations/0017_auto_20190219_2015.py new file mode 100644 index 000000000..f55fb7a30 --- /dev/null +++ b/openslides/core/migrations/0017_auto_20190219_2015.py @@ -0,0 +1,18 @@ +# Generated by Django 2.1.5 on 2019-02-19 19:15 + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [("core", "0016_projector_reference_projector")] + + operations = [ + migrations.AlterModelOptions( + name="history", + options={ + "default_permissions": (), + "permissions": (("can_see_history", "Can see history"),), + }, + ) + ] diff --git a/openslides/core/models.py b/openslides/core/models.py index caa1c0778..7267340ec 100644 --- a/openslides/core/models.py +++ b/openslides/core/models.py @@ -355,3 +355,4 @@ class History(RESTModelMixin, models.Model): class Meta: default_permissions = () + permissions = (("can_see_history", "Can see history"),) diff --git a/openslides/core/views.py b/openslides/core/views.py index 4ce5720e6..b34ba2d6c 100644 --- a/openslides/core/views.py +++ b/openslides/core/views.py @@ -501,8 +501,10 @@ class HistoryViewSet(ListModelMixin, RetrieveModelMixin, GenericViewSet): """ Returns True if the user has required permissions. """ - if self.action in ("list", "retrieve", "clear_history"): + if self.action in ("list", "retrieve"): result = self.get_access_permissions().check_permissions(self.request.user) + elif self.action == "clear_history": + result = in_some_groups(self.request.user.pk or 0, [GROUP_ADMIN_PK]) else: result = False return result diff --git a/openslides/users/signals.py b/openslides/users/signals.py index a3ec4c636..324c4c229 100644 --- a/openslides/users/signals.py +++ b/openslides/users/signals.py @@ -47,6 +47,7 @@ def create_builtin_groups_and_admin(**kwargs): "core.can_manage_tags", "core.can_manage_chat", "core.can_see_frontpage", + "core.can_see_history", "core.can_see_projector", "core.can_use_chat", "mediafiles.can_manage", @@ -134,6 +135,7 @@ def create_builtin_groups_and_admin(**kwargs): permission_dict["assignments.can_nominate_other"], permission_dict["assignments.can_nominate_self"], permission_dict["core.can_see_frontpage"], + permission_dict["core.can_see_history"], permission_dict["core.can_see_projector"], permission_dict["core.can_manage_projector"], permission_dict["core.can_manage_tags"], From a86af342ebd079ba2effec547f36426e39176263 Mon Sep 17 00:00:00 2001 From: Sean Engelhardt Date: Thu, 21 Feb 2019 11:40:56 +0100 Subject: [PATCH 2/2] Add history permission into client Requires the permission "core.can_see_history" to see the history in the navigation. Disables navigating in the timeline and clearing the history for everyone than than the super admin --- .../history-list/history-list.component.html | 5 ++- .../history-list/history-list.component.ts | 32 ++++++++++++------- client/src/app/site/history/history.config.ts | 2 +- 3 files changed, 25 insertions(+), 14 deletions(-) diff --git a/client/src/app/site/history/components/history-list/history-list.component.html b/client/src/app/site/history/components/history-list/history-list.component.html index f851221eb..79773a23d 100644 --- a/client/src/app/site/history/components/history-list/history-list.component.html +++ b/client/src/app/site/history/components/history-list/history-list.component.html @@ -4,7 +4,10 @@
- + +
diff --git a/client/src/app/site/history/components/history-list/history-list.component.ts b/client/src/app/site/history/components/history-list/history-list.component.ts index 1d0f8b125..de8d67a3c 100644 --- a/client/src/app/site/history/components/history-list/history-list.component.ts +++ b/client/src/app/site/history/components/history-list/history-list.component.ts @@ -10,6 +10,7 @@ import { History } from 'app/shared/models/core/history'; import { HistoryRepositoryService } from 'app/core/repositories/history/history-repository.service'; import { isDetailNavigable } from 'app/shared/models/base/detail-navigable'; import { ListViewBaseComponent } from 'app/site/base/list-view-base'; +import { OperatorService } from 'app/core/core-services/operator.service'; import { ViewHistory } from '../../models/view-history'; import { ViewModelStoreService } from 'app/core/core-services/view-model-store.service'; @@ -36,6 +37,9 @@ export class HistoryListComponent extends ListViewBaseComponent { - await this.repo.browseHistory(history); - const element = this.viewModelStore.get(history.getCollectionString(), history.getModelId()); - let message = this.translate.instant('OpenSlides is temporarily reset to following timestamp:'); - console.log(message); - message += ' ' + history.getLocaleString('DE-de'); + if (this.operator.isInGroupIds(2)) { + await this.repo.browseHistory(history); + const element = this.viewModelStore.get(history.getCollectionString(), history.getModelId()); + let message = this.translate.instant('OpenSlides is temporarily reset to following timestamp:'); + message += ' ' + history.getLocaleString('DE-de'); - if (isDetailNavigable(element)) { - this.raiseError(message); - this.router.navigate([element.getDetailStateURL()]); - } else { - this.raiseError(message); + if (isDetailNavigable(element)) { + this.raiseError(message); + this.router.navigate([element.getDetailStateURL()]); + } else { + this.raiseError(message); + } } } @@ -123,7 +129,9 @@ export class HistoryListComponent extends ListViewBaseComponent